package com.ibm.ws.security.javaeesec.fat;

import com.ibm.websphere.simplicity.log.Log;
import com.ibm.ws.security.javaeesec.fat_helper.JavaEESecTestBase;
import com.ibm.ws.security.javaeesec.fat_helper.LocalLdapServer;
import com.ibm.ws.security.javaeesec.fat_helper.SSLHelper;
import com.ibm.ws.security.javaeesec.fat_helper.WCApplicationHelper;
import componenttest.annotation.MinimumJavaLevel;
import componenttest.custom.junit.runner.FATRunner;
import componenttest.custom.junit.runner.Mode;
import componenttest.topology.impl.LibertyServer;
import componenttest.topology.impl.LibertyServerFactory;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.BasicHttpParams;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestName;
import org.junit.runner.RunWith;

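/**
 * Functional acceptance test for client-certificate (mutual TLS) login against an EAR that
 * packages two web modules, using a server-wide ("global") login configuration.
 *
 * <p>Two server configurations are exercised, and the tests pin how each treats a client whose
 * certificate is not accepted:
 * <ul>
 *   <li>{@code globalClientCertNoFailOver.xml}: the "Required" tests. The {@code certuser4}
 *       client never gets an HTTP response; the request fails with
 *       {@link SSLPeerUnverifiedException}.</li>
 *   <li>{@code globalClientCertNoFailOverSupport.xml}: the "Support" tests. The same client
 *       completes the request and is answered with 403.</li>
 * </ul>
 * In both configurations {@code certuser1} is authenticated (200) and {@code certuser2} and
 * {@code certuser3} are rejected with 403. Every expectation is checked against both modules,
 * so a module that fell back to its own login mechanism would be caught.
 *
 * <p>NOTE(review): what each keystore contains is not visible here. The test names label
 * certuser2 "valid cert, authorization failure", certuser3 "invalid cert" and certuser4
 * "no cert"; confirm against the fixtures under {@code clientcert/}.
 */
@MinimumJavaLevel(javaLevel = 8, runSyntheticTest = false)
@RunWith(FATRunner.class)
@Mode(Mode.TestMode.FULL)
/* loaded from: input_file:com/ibm/ws/security/javaeesec/fat/MultipleModuleGlobalClientCertTest.class */
public class MultipleModuleGlobalClientCertTest extends JavaEESecTestBase {
    /** {@code https://host:port} of the server under test; assigned by {@link #startServer}. */
    protected static String urlBase;

    // Client keystores, resolved by setupClient() relative to <test files>/clientcert/.
    protected static final String CERTUSER1_KEYFILE = "certuser1.jks";
    protected static final String CERTUSER2_KEYFILE = "certuser2.jks";
    protected static final String CERTUSER3_KEYFILE = "certuser3.jks";
    protected static final String CERTUSER4_KEYFILE = "certuser4.jks";

    // Password of the bundled test keystores above. It is a fixture value checked in with the
    // test data and must never be reused for a real keystore.
    protected static final String KEYSTORE_PASSWORD = "s3cur1ty";

    // Realm and group that verifyResponse() expects for the authenticated certuser1.
    protected static final String LDAP_UR_REALM_NAME = "MyLdapRealm";
    protected static final String LDAP_UR_GROUPS = "group:MyLdapRealm/cn=certgroup1,ou=groups,o=ibm,c=us";

    /** Per-test HTTP client; rebuilt by {@link #setupConnection()} before every request series. */
    protected DefaultHttpClient httpclient;
    protected static LocalLdapServer ldapServer;

    @Rule
    public TestName name = new TestName();
    protected static LibertyServer myServer = LibertyServerFactory.getLibertyServer("com.ibm.ws.security.javaeesec.clientcert.fat");
    protected static Class<?> logClass = MultipleModuleGlobalClientCertTest.class;
    protected static String TEMP_DIR = "test_temp";
    protected static String JAR_NAME = "JavaEESecBase.jar";
    protected static String MODULE1_ROOT = "multipleModule1";
    protected static String MODULE1_NAME = "JavaEESecMultipleISForm";
    protected static String WAR1_NAME = MODULE1_NAME + ".war";
    protected static String MODULE2_ROOT = "multipleModule2";
    protected static String MODULE2CUSTOM_NAME = "JavaEESecMultipleISCustomForm";
    protected static String WAR2CUSTOM_NAME = MODULE2CUSTOM_NAME + ".war";
    protected static String XML_CLIENT_CERT_NO_FAILOVER_NAME = "globalClientCertNoFailOver.xml";
    protected static String XML_CLIENT_CERT_NO_FAILOVER_SUPPORT_NAME = "globalClientCertNoFailOverSupport.xml";
    protected static String APP_NAME = "multipleModule";
    protected static String EAR_NAME = APP_NAME + ".ear";
    protected static String APP1_SERVLET = "/" + MODULE1_ROOT + "/FormServlet";
    protected static String APP2_SERVLET = "/" + MODULE2_ROOT + "/MultipleISCustomFormServlet";

    public MultipleModuleGlobalClientCertTest() {
        super(myServer, logClass);
    }

    /**
     * Starts the local LDAP server, builds the two WARs and the EAR that contains them, installs
     * the EAR and starts the server with the "no failover" client-certificate configuration.
     *
     * @throws Exception if the LDAP server, the packaging or the server start fails
     */
    @BeforeClass
    public static void setUp() throws Exception {
        ldapServer = new LocalLdapServer();
        ldapServer.start();
        WCApplicationHelper.createWar(myServer, TEMP_DIR, WAR1_NAME, true, JAR_NAME, false, new String[]{"web.jar.base", "web.war.servlets.form.get.redirect", "web.war.identitystores.ldap.ldap1", "web.war.identitystores.custom.grouponly", "web.war.identitystores.custom.realm1"});
        WCApplicationHelper.createWar(myServer, TEMP_DIR, WAR2CUSTOM_NAME, true, JAR_NAME, false, new String[]{"web.jar.base", "web.war.servlets.customform", "web.war.servlets.customform.get.forward", "web.war.identitystores.ldap.ldap2", "web.war.identitystores.custom.grouponly", "web.war.identitystores.custom.realm2"});
        WCApplicationHelper.packageWarsToEar(myServer, TEMP_DIR, EAR_NAME, true, new String[]{WAR1_NAME, WAR2CUSTOM_NAME});
        WCApplicationHelper.addEarToServerApps(myServer, TEMP_DIR, EAR_NAME);
        startServer(XML_CLIENT_CERT_NO_FAILOVER_NAME, APP_NAME);
    }

    /**
     * Stops the server and then the LDAP server. The LDAP server is stopped exactly once, also
     * when stopping the server throws.
     *
     * @throws Exception if either stop fails
     */
    @AfterClass
    public static void tearDown() throws Exception {
        try {
            // CWWKO0801E is passed so that it does not count as a failure at stop time.
            // NOTE(review): presumably the SSL connection error logged by the rejected
            // handshakes of the "Required ... NoCert" test; confirm against the server logs.
            myServer.stopServer(new String[]{"CWWKO0801E"});
        } finally {
            if (ldapServer != null) {
                ldapServer.stop();
            }
        }
    }

    /**
     * Creates a fresh HTTP client that does not follow redirects, so the status code asserted by
     * a test is the one the server returned for the requested URL itself.
     */
    @Before
    public void setupConnection() {
        BasicHttpParams clientParams = new BasicHttpParams();
        clientParams.setParameter("http.protocol.handle-redirects", Boolean.FALSE);
        this.httpclient = new DefaultHttpClient(clientParams);
    }

    /**
     * Releases the connections held by the current HTTP client.
     *
     * @throws Exception if the shutdown fails
     */
    @After
    public void cleanupConnection() throws Exception {
        this.httpclient.getConnectionManager().shutdown();
    }

    /**
     * @return the name of the test method that is currently running
     */
    protected String getCurrentTestName() {
        return this.name.getMethodName();
    }

    /**
     * Starts the server with the given configuration file, registers the application for
     * validation and derives {@link #urlBase} from the server's host and default secure port.
     *
     * @param configFile server configuration file to start with
     * @param appName name of the installed application to validate
     * @throws Exception if the server cannot be configured or started
     */
    protected static void startServer(String configFile, String appName) throws Exception {
        serverConfigurationFile = configFile;
        myServer.setServerConfigurationFile(configFile);
        myServer.startServer(true);
        myServer.addInstalledAppForValidation(appName);
        urlBase = "https://" + myServer.getHostname() + ":" + myServer.getHttpDefaultSecurePort();
    }

    /** Required configuration: certuser1 is authenticated on both modules. */
    @Test
    public void testMultipleModuleWarsOverrideClientCertRequiredSuccess() throws Exception {
        logBoundary("-----Entering ");
        expectCertUser1OnBothModules(XML_CLIENT_CERT_NO_FAILOVER_NAME);
        logBoundary("-----Exiting ");
    }

    /** Required configuration: the certuser4 client is refused on both modules before any HTTP response. */
    @Test
    public void testMultipleModuleWarsOverrideClientCertRequiredNoCertFailure() throws Exception {
        logBoundary("-----Entering ");
        setServerConfiguration(XML_CLIENT_CERT_NO_FAILOVER_NAME, new String[]{APP_NAME});
        expectSslFailure(urlBase + APP1_SERVLET);
        expectSslFailure(urlBase + APP2_SERVLET);
        logBoundary("-----Exiting ");
    }

    /** Required configuration: certuser2 is answered with 403 on both modules. */
    @Test
    public void testMultipleModuleWarsOverrideClientCertValidCertRequiredAuthzFailure() throws Exception {
        logBoundary("-----Entering ");
        expectStatusOnBothModules(XML_CLIENT_CERT_NO_FAILOVER_NAME, CERTUSER2_KEYFILE, 403);
        logBoundary("-----Exiting ");
    }

    /** Required configuration: certuser3 is answered with 403 on both modules. */
    @Test
    public void testMultipleModuleWarsOverrideClientCertRequiredInvalidCertFailure() throws Exception {
        logBoundary("-----Entering ");
        expectStatusOnBothModules(XML_CLIENT_CERT_NO_FAILOVER_NAME, CERTUSER3_KEYFILE, 403);
        logBoundary("-----Exiting ");
    }

    /** Support configuration: certuser1 is authenticated on both modules. */
    @Test
    public void testMultipleModuleWarsOverrideClientCertSupportSuccess() throws Exception {
        logBoundary("-----Entering ");
        expectCertUser1OnBothModules(XML_CLIENT_CERT_NO_FAILOVER_SUPPORT_NAME);
        logBoundary("-----Exiting ");
    }

    /** Support configuration: the certuser4 client reaches the server and is answered with 403. */
    @Test
    public void testMultipleModuleWarsOverrideClientCertSupportNoCertFailure() throws Exception {
        logBoundary("-----Entering ");
        expectStatusOnBothModules(XML_CLIENT_CERT_NO_FAILOVER_SUPPORT_NAME, CERTUSER4_KEYFILE, 403);
        logBoundary("-----Exiting ");
    }

    /** Support configuration: certuser2 is answered with 403 on both modules. */
    @Test
    public void testMultipleModuleWarsOverrideClientCertSupportValidCertAuthzFailure() throws Exception {
        logBoundary("-----Entering ");
        expectStatusOnBothModules(XML_CLIENT_CERT_NO_FAILOVER_SUPPORT_NAME, CERTUSER2_KEYFILE, 403);
        logBoundary("-----Exiting ");
    }

    /** Support configuration: certuser3 is answered with 403 on both modules. */
    @Test
    public void testMultipleModuleWarsOverrideClientCertSupportInvalidCertFailure() throws Exception {
        logBoundary("-----Entering ");
        expectStatusOnBothModules(XML_CLIENT_CERT_NO_FAILOVER_SUPPORT_NAME, CERTUSER3_KEYFILE, 403);
        logBoundary("-----Exiting ");
    }

    /**
     * Checks the identity reported in a servlet response: user name, realm and group membership.
     *
     * @param response body returned by the servlet
     * @param expectedUser name expected from both {@code getUserPrincipal().getName()} and
     *        {@code getRemoteUser}
     * @param expectedRealm realm handed to {@code verifyRealm}
     * @param excludedGroups groups handed to {@code verifyNotInGroups}; skipped when {@code null}
     * @param expectedGroups groups handed to {@code verifyGroups}
     */
    protected void verifyResponse(String response, String expectedUser, String expectedRealm, String excludedGroups, String expectedGroups) {
        verifyUserResponse(response, "getUserPrincipal().getName(): " + expectedUser, "getRemoteUser: " + expectedUser);
        verifyRealm(response, expectedRealm);
        if (excludedGroups != null) {
            verifyNotInGroups(response, excludedGroups);
        }
        verifyGroups(response, expectedGroups);
    }

    /** Binds the given client keystore to the current HTTP client for the server's secure port. */
    private void setupClient(String keyFile) {
        SSLHelper.establishSSLContext(this.httpclient, myServer.getHttpDefaultSecurePort(), myServer, myServer.pathToAutoFVTTestFiles + "/clientcert/" + keyFile, KEYSTORE_PASSWORD, (String) null, (String) null);
    }

    /** Logs a test boundary marker followed by the current test name. */
    private void logBoundary(String marker) {
        Log.info(logClass, getCurrentTestName(), marker + getCurrentTestName());
    }

    /**
     * Discards the current client and builds a new one with the same keystore, so the second
     * module is reached over a new connection rather than one already established for the first.
     */
    private void reconnect(String keyFile) {
        this.httpclient.getConnectionManager().shutdown();
        setupConnection();
        setupClient(keyFile);
    }

    /** Applies the configuration and expects certuser1 to be authenticated on both modules. */
    private void expectCertUser1OnBothModules(String configFile) throws Exception {
        setServerConfiguration(configFile, new String[]{APP_NAME});
        setupClient(CERTUSER1_KEYFILE);
        verifyResponse(accessPageNoChallenge(this.httpclient, urlBase + APP1_SERVLET, 200, urlBase + APP1_SERVLET), "certuser1", LDAP_UR_REALM_NAME, null, LDAP_UR_GROUPS);
        reconnect(CERTUSER1_KEYFILE);
        verifyResponse(accessPageNoChallenge(this.httpclient, urlBase + APP2_SERVLET, 200, urlBase + APP2_SERVLET), "certuser1", LDAP_UR_REALM_NAME, null, LDAP_UR_GROUPS);
    }

    /** Applies the configuration and expects the given status from both modules for the keystore. */
    private void expectStatusOnBothModules(String configFile, String keyFile, int status) throws Exception {
        setServerConfiguration(configFile, new String[]{APP_NAME});
        setupClient(keyFile);
        accessPageNoChallenge(this.httpclient, urlBase + APP1_SERVLET, status, urlBase + APP1_SERVLET);
        reconnect(keyFile);
        accessPageNoChallenge(this.httpclient, urlBase + APP2_SERVLET, status, urlBase + APP2_SERVLET);
    }

    /**
     * Requests the URL with the certuser4 keystore and fails the test unless the request ends in
     * {@link SSLPeerUnverifiedException}. A request that completes is the security regression
     * this guards against: the server answered a client it should have refused.
     */
    private void expectSslFailure(String url) {
        try {
            setupClient(CERTUSER4_KEYFILE);
            accessPageExpectException(this.httpclient, url);
            Assert.fail("Expected SSL error did not occur");
        } catch (SSLPeerUnverifiedException expected) {
            Log.info(logClass, getCurrentTestName(), "SSLPeerUnverifiedException is caught which is expected.");
        } catch (Exception unexpected) {
            // Keep the cause attached so the report shows where the unexpected failure came from.
            throw new AssertionError("Caught unexpected exception: " + unexpected, unexpected);
        }
    }
}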
